E-commerce Security Basics

When you send information over the internet without encryption, it’s not a question of if someone is listening. It’s a question of who is listening. Customers want to feel secure and businesses want to make sales. E-commerce security is attainable, but the best practices for maintaining it evolve from year to year. Recent security flaws like Heartbleed and POODLE have reminded us that it’s important to stay up to date on current security factors. Even major corporations like eBay and Target have been shown to have vulnerabilities.

What an e-commerce security environment currently looks like

For e-commerce to work, a customer needs to be able to send payment information to a website in such a way that it can’t be read until it reaches the intended recipient. Secure Sockets Layer, or SSL, is a data encryption technology designed to solve this problem.

The basics of SSL

Although the details of how SSL functions have evolved since its development by Netscape in 1994, it’s been the predominant player in the e-commerce security field ever since, and the padlock and/or green bar a browser displays next to an SSL-secured web address has become practically synonymous with safety on the web. When a site is available at “https://” rather than “http://”, the “s” is telling you that the communication between client and server is taking place via Hypertext Transfer Protocol secured by SSL. It means “HTTP over SSL.” The difference may seem nitpicky, but it’s at the heart of e-commerce security.

How SSL works

Information sent between a client (customer) and server (business) is plain text. SSL encrypts that text before it leaves either end of the arrangement. Both parties have secret keys which allow them to decrypt the data when it arrives. The way this is achieved is rather tricky, since sharing a key to a website securely before a secure channel has been established presents something of a catch-22.

The magic happens in the first few milliseconds when the client navigates to the server’s URL, using an identification tool known as an SSL certificate, which functions as a digital version of a notary. Browsers come built-in with a database of legitimate certificate authorities (e.g. SSL certificate providers), allowing them to check the legitimacy of a certificate and act as a go-between. The process looks like this:

  1. The client browser requests the server’s SSL certificate
  2. The server presents its certificate, along with the public key associated with the server
  3. If the client browser recognizes the certificate as legitimate and current, it generates a secret key, encrypts it with the server’s public key and sends it back as confirmation; only the server can decrypt it, using the related private key that never left the server
  4. The server replies with an encrypted session key to establish a two-way channel; both client and server then use that session key to encrypt and decrypt information until the session is terminated
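The handshake above, as an added example that is not part of the original article: a loopback TLS exchange written in Go’s standard library. It builds a toy certificate authority and a server certificate issued by it (the names `Toy Root CA` and `shop.example` are constructed), then runs the client side twice: once with the toy CA in the client’s root store, mirroring the browser’s built-in CA database, and once with an empty root store, where the client must reject the certificate before any session key is agreed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Constructed names for this example; nothing here contacts a real host.
const (
	caName     = "Toy Root CA"
	serverName = "shop.example"
)

// makeCert issues a certificate for name. With parent == nil it is self-signed
// (the toy CA); otherwise it is signed by the parent's key (the server cert).
func makeCert(name string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.DNSNames = []string{name} // the hostname the client will check
	}
	signer, signerKey := tmpl, key
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Handshake runs a full TLS handshake over loopback. When trustCA is true the
// client's root store holds the toy CA (like a browser's CA database); when
// false the store is empty and the client must refuse the server's certificate.
func Handshake(trustCA bool) (tls.ConnectionState, error) {
	caCert, caKey, err := makeCert(caName, true, nil, nil)
	if err != nil {
		return tls.ConnectionState{}, err
	}
	srvCert, srvKey, err := makeCert(serverName, false, caCert, caKey)
	if err != nil {
		return tls.ConnectionState{}, err
	}
	// Step 2: the server presents its certificate chain and the bound public key.
	srvCfg := &tls.Config{Certificates: []tls.Certificate{{
		Certificate: [][]byte{srvCert.Raw, caCert.Raw},
		PrivateKey:  srvKey,
	}}}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	if err != nil {
		return tls.ConnectionState{}, err
	}
	defer ln.Close()
	go func() {
		c, err := ln.Accept()
		if err != nil {
			return
		}
		defer c.Close()
		c.(*tls.Conn).Handshake() // server side; any failure surfaces on the client
	}()
	// Step 3: the client validates the certificate against the roots it trusts.
	roots := x509.NewCertPool()
	if trustCA {
		roots.AddCert(caCert)
	}
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: roots, ServerName: serverName})
	if err != nil {
		return tls.ConnectionState{}, err // x509.UnknownAuthorityError when the CA is untrusted
	}
	defer conn.Close()
	// Step 4: both sides now share a session key; ConnectionState records the
	// negotiated protocol version and the certificate chain that was verified.
	return conn.ConnectionState(), nil
}

func main() {
	st, err := Handshake(true)
	fmt.Printf("trusted CA:   err=%v version=%#x verified chains=%d\n", err, st.Version, len(st.VerifiedChains))
	_, err = Handshake(false)
	fmt.Printf("untrusted CA: err=%v\n", err)
}
```

The untrusted case fails inside `tls.Dial`, before any application data is sent, which is the point of step 3: the browser’s root store is what turns a certificate from a bare public key into an identity it will encrypt a secret for.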

Client and Server Security

SSL is virtually foolproof when it comes to protecting credit card information against man-in-the-middle attacks. Unfortunately, SSL doesn’t help if either the client or the server is compromised by hackers, and that’s where other security factors like firewall and platform security come in. Enter PCI DSS compliance.

PCI DSS compliance

Getting audited may sound scary, but PCI DSS compliance is currently the gold standard of e-commerce security. PCI DSS ensures security on all fronts, including everything from anti-virus controls to data protection. PCI DSS compliance is important because it encourages a proactive approach to security. The legal consequences of losing a customer’s credit card information can doom a business. It simply isn’t worth the risk.

Platform patches

Most e-commerce businesses are built on established platforms like Magento, Shopify, or WooCommerce. Platforms are great, but like any software they need regularly updated patches to stay current. E-commerce software is no exception. Maintaining current security patches is especially important for smaller businesses for whom PCI DSS compliance may be unrealistic.

Looking forward

The web is fast becoming the primary channel for storing and sharing personal information. With so much information floating around, consumers are right to expect security. Recent updates to Google’s search algorithms have been shown to favor secure sites, and online shoppers increasingly expect to see a reassuring padlock icon in their browser before they’ll make a purchase. For e-commerce environments, SSL and other security technologies have become de facto requirements.

Colby Albarado
